Summary:
A new ransomware variant called 3AM has been discovered. It appends the extension ".threeamtime" to the files it encrypts and references "3AM" in its ransom note. The ransomware is written in Rust and attempts to stop multiple services on the infected computer before encrypting files. It also deletes Volume Shadow (VSS) copies. It has no known links to cybercrime organizations. Before deploying it, the threat actors behind 3AM used the "gpresult" command to dump policy settings, executed Cobalt Strike components to escalate privileges, and tried to move laterally to other servers. The ransomware was deployed on only three machines and was blocked on two of them. Its use as a backup by a LockBit affiliate suggests it may be used again in the future.
Hashtags:
#Ransomware #3AM #Cybersecurity #Infosec #LockBit
https://www.infosecurity-magazine.com/news/3am-ransomware-variant-discovered/